TKOResearch
Menu

Resource

Review RAG boundaries before retrieved content becomes model context.

A worksheet for evaluating tenant boundaries, document authorization, chunk lineage, metadata filters, trust labels, prompt assembly, and citation capture.

What you receive

Concrete outputs for a specific decision.

  • Tenant-boundary checklist
  • Document authorization prompts
  • Chunk lineage table
  • Metadata filter review
  • Trust label and citation checklist

Work product

Worksheet preview

Use this structure to test whether retrieval and prompt assembly preserve the same authorization boundary as the source system.

Source row

Source: customer knowledge base. Authorization: tenant plus role. Chunk lineage: document ID, section ID, ingest time, source permission hash.

Boundary test

Ask whether a user can retrieve a chunk they could not open directly in the source application.

  • Expected: denied
  • Observed: record retrieved chunks and filters
  • Fix owner

Prompt assembly review

Mark whether retrieved content is labeled as data, whether source citations are available, and whether malicious instructions are filtered or quoted.

01

Review prompts

  • Can a user retrieve material they cannot access through the source system?
  • Can metadata filters be bypassed, omitted, stale, or over-broad?
  • Are generated answers grounded in authorized chunks with visible source context?
  • Can malicious documents inject instructions into prompt assembly?

Next step

Start with the decision and the system boundary.

Request editable worksheet